[BlueOnyx:11268] Re: ProFTPD questions

[Chris Gebhardt - VIRTBIZ Internet]

Hi Marcello,

Marcello Torchio wrote:
> Hi everyone,
> 
> i've two questions about proFTPD daemon.
> First of all i'm running BO 5108R server,
> 
> I was looking for something to ban IPs that try to access ftp service 
> using dictionary based attacks. I've found in /etc/proftpd.conf the 
> configuration file of proFTPD daemon. I've read documentation about its 
> structure and the mod_ban module. When i type "service proftpd status" 
> on terminal, system tells me that there is no proFTPD daemon running on 
> the system. If i try to connect via FTP on my server the connection 
> works great. So, with FTP connection opened, i typed on terminal "lsof 
> -i" to see running processes and their binded ports. I've found a 
> process named "in.proftpd" binded to port 21 on my FTP connection. This 
> behavior is right or not?

BlueOnyx has some of this behavior built in from the start.  You may go 
to Server Management, Security, Login Manager.   We do not recommend 
using the "user rule" at all!   But you can use the "host rule" and 
select how many failed logins per hour you want to have trip the block.

If you want to clamp down even further, you can use Solarspeed's 
"APF/BFD" protection package on your server.


> The second question is about the usage of hosts.allow/deny files. Is it 
> possible to exclude determinate IPs to access FTP service? I am already 
> using these files to exclude everyone, except a few adresses, to avoid 
> ssh access.

You can use hosts.allow and hosts.deny for this purpose.  Instead of 
"sshd" that you are using to control ssh, use "proftpd", since that is 
is running as a xinet service.


-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ